Spring Oauth2 implicit flow

Question

Working on implementing Oauth2 with Spring. I want to implement the implicit workflow:

My configuration file:

@Configuration
@EnableAutoConfiguration         


        

Answer 1

In case of implicit flow all token will be generated through authorization url instead of token url. so you should hit ../oauth/authorize endpoint with implicit response type. i.e

../oauth/authorize?response_type=implicit&client_id=trusted_client&redirect_uri=<redirect-uri-of-client-application>.

You are getting the username password popup because token endpoint is already protected through spring's BasicAuthenticationFilter and it is expecting you to pass your client_id as username and client_secret as password. Instead of token endpoint you need to protect authorization endpoint so do your endpoint security configuration as given...

 @Override
        public void configure(HttpSecurity http) throws Exception {
            // @formatter:off
        http.authorizeRequests().antMatchers("/oauth/authorize").authenticated()
                .and()
                .authorizeRequests().anyRequest().permitAll()
                .and()
                .formLogin().loginPage("/login").permitAll()
                .and()
                .csrf().disable();
        }